From: Fatih USTA <fatihusta86@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: wg-crypt-wg0 process
Date: Wed, 30 Dec 2020 11:19:30 +0300
Message-ID: <d56b4194-2b74-b440-c102-3b379daa8194@gmail.com>

Hi

I'm playing with wireguard and namespaces. I think I caught a little problem.
If I delete the netns directly, everything is removed, but the wg-crypt-wg0
process is still alive.

root 8127 0.0 0.0 0 0 ? S< 07:26 0:00 [wg-crypt-wg0]
root 8143 0.0 0.0 0 0 ? S< 07:26 0:00 [wg-crypt-wg0]
root 8449 0.0 0.0 0 0 ? S< 07:26 0:00 [wg-crypt-wg0]
root 8454 0.0 0.0 0 0 ? S< 07:26 0:00 [wg-crypt-wg0]

If I delete the wireguard interface from the netns first, everything works fine.

wg_version: 1.0.20201221
kernel_version: 3.16.85-1

#!/bin/bash
# Test setup: two netns (ns1, ns2) joined by veth pairs on bridge0, with a
# WireGuard tunnel (wg0) between them.

case $1 in
    remove)
        ip link del dev bridge0 || { echo "Please add first."; exit 1; }
        ip link del dev veth1
        ip link del dev veth2
        # Deleting wg0 before the netns (the two commented lines below) is
        # the order that leaves no wg-crypt-wg0 process behind.
        #ip netns exec ns1 ip link del dev wg0
        #ip netns exec ns2 ip link del dev wg0
        ip netns del ns1
        ip netns del ns2
        iptables -D FORWARD -i bridge0 -o bridge0 -j ACCEPT
        rm -f /tmp/private-ns1 /tmp/private-ns2 /tmp/public-ns1 /tmp/public-ns2
        ;;
    add)
        ip link add name bridge0 type bridge || { echo "Please remove first."; exit 1; }
        ip link set dev bridge0 up
        ip netns add ns1
        ip netns add ns2
        # One veth pair per namespace; the host side joins bridge0.
        ip link add name veth1 type veth peer name eth0 netns ns1
        ip link add name veth2 type veth peer name eth0 netns ns2
        ip link set dev veth1 up master bridge0
        ip link set dev veth2 up master bridge0
        ip netns exec ns1 ip link set dev lo up
        ip netns exec ns1 ip link set dev eth0 up
        ip netns exec ns1 ip addr add 10.150.150.1/24 dev eth0
        ip netns exec ns2 ip link set dev lo up
        ip netns exec ns2 ip link set dev eth0 up
        ip netns exec ns2 ip addr add 10.150.150.2/24 dev eth0
        # Generate one key pair per namespace; umask keeps the files private.
        ( umask 0077
          wg genkey | tee /tmp/private-ns1 | wg pubkey > /tmp/public-ns1
          wg genkey | tee /tmp/private-ns2 | wg pubkey > /tmp/public-ns2
        )
        ip netns exec ns1 ip link add name wg0 type wireguard
        ip netns exec ns1 ip addr add 172.16.1.1/24 dev wg0
        ip netns exec ns2 ip link add name wg0 type wireguard
        ip netns exec ns2 ip addr add 172.16.1.2/24 dev wg0
        ip netns exec ns1 wg set wg0 private-key /tmp/private-ns1 listen-port 51820
        ip netns exec ns1 ip link set wg0 up
        ip netns exec ns2 wg set wg0 private-key /tmp/private-ns2 listen-port 51820
        ip netns exec ns2 ip link set wg0 up
        # Each side adds the other as its peer.
        ip netns exec ns1 wg set wg0 peer "$(</tmp/public-ns2)" \
            allowed-ips 172.16.1.0/24 endpoint 10.150.150.2:51820
        ip netns exec ns2 wg set wg0 peer "$(</tmp/public-ns1)" \
            allowed-ips 172.16.1.0/24 endpoint 10.150.150.1:51820
        iptables -I FORWARD -i bridge0 -o bridge0 -j ACCEPT
        ip netns exec ns1 wg
        ip netns exec ns2 wg
        # Ping across the tunnel to confirm it works.
        ip netns exec ns1 ping -i 0.3 -c 2 172.16.1.2 &>/dev/null && \
            echo -e "\n\nWorked" || \
            echo -e "\n\nFailed"
        ;;
    *) echo "$(basename "$0") add|remove" ;;
esac

--
Fatih USTA
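
Added example, not part of the original message or of WireGuard: a check for the condition reported above, comparing the number of wg-crypt-<ifname> kernel threads with the number of live interfaces of that name. The function names are hypothetical, and it assumes one such thread per interface; the sample data in demo is constructed from the PIDs in the message.

```bash
#!/bin/bash
# Added example. Assumption: each WireGuard interface owns one kernel thread
# named wg-crypt-<ifname>, so more threads than live interfaces of that name
# means workers were left behind.

# live_wg_interfaces: print one line per live WireGuard interface in the
# current namespace and in every named netns (needs root and the wg tool).
live_wg_interfaces() {
    wg show interfaces | tr -s ' ' '\n'
    ip netns list | awk '{print $1}' | while read -r ns; do
        ip netns exec "$ns" wg show interfaces | tr -s ' ' '\n'
    done
}

# leftover_wg_workers PS_FILE IFACE_FILE
#   PS_FILE:    "PID COMM" lines, e.g. from: ps -eo pid=,comm=
#   IFACE_FILE: output of live_wg_interfaces (may be empty)
# Prints "IFNAME WORKERS LIVE LEFTOVER" for each name with leftover workers.
leftover_wg_workers() {
    awk '
        # FILENAME test (not NR==FNR) so an empty interface file still works.
        FILENAME == ARGV[1] { if (NF) live[$1]++; next }
        $2 ~ /^\[?wg-crypt-/ {
            name = $2
            sub(/^\[?wg-crypt-/, "", name); sub(/\]$/, "", name)
            workers[name]++
        }
        END {
            for (n in workers)
                if (workers[n] > live[n] + 0)
                    printf "%s %d %d %d\n", n, workers[n], live[n], workers[n] - live[n]
        }
    ' "$2" "$1" | sort
}

# Constructed sample: the four threads from the message, no live interfaces.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '8127 [wg-crypt-wg0]' '8143 [wg-crypt-wg0]' \
                  '8449 [wg-crypt-wg0]' '8454 [wg-crypt-wg0]' > "$d/ps"
    : > "$d/if"
    leftover_wg_workers "$d/ps" "$d/if"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On a live system, feed it `ps -eo pid=,comm=` and the output of live_wg_interfaces, each saved to a file; interfaces in unnamed namespaces are not seen by live_wg_interfaces and would be counted as leftover.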